Cloud Storage and the Law

As a business or an individual if you store your data in the cloud, you are probably concerned with security and the ability to get your data back. The one issues you may not have thought about is where it is being stored, well maybe you should be according to Technology Review. The term cloud storage is misleading, it makes it seem as if the data is out there some where. The truth is data that is stored in the cloud is being stored in a data center which maybe be located anywhere in the world. The problem is who can get access to the data is unclear. Do the laws in the country where the data is being stored determine who can have access to the data or is it where it originated or maybe even where the company who owns the data center is incorporated. This maybe become an issue between Europe and the U.S if strict European privacy laws start to block U.S. attempts to access information it deems vital to national security. Many European countries have stricter privacy laws then the U.S. In the U.S. the Patriot Act which was passed after 9-11 enhanced the ability of law enforcement to intercept and read email and other records. If a European stores their data with a cloud company whose data center is in the United States would the stricter European privacy laws still apply or would U.S laws. The United States insist that it’s laws reign supreme even if the data is stored in another country if the company that owns the data center is incorporated in the United States. This was what Google and Microsoft both told European courts when they indicated they would have to abide by U.S law no matter where the data is stored. Not only is privacy an issue but also how long data must be kept is becoming an issue. Some country’s laws are based on how long the data must be kept, others are based on when the data must be deleted. These two viewpoints can collide and often do.

Because of this type of uncertainty, both companies and public institutions are starting to rethinking where their data can be stored. Some like the Canadian providence of British Columbia insist that all public healthcare records must be stored within the providence. Swiss financial institutions also say that any of their banking data must be stored in data centers located in Switzerland. As more and more sensitive data is being stored in the cloud these issues are going to continue to come up. This is another area where technology has clearly outpaced the law.